
Files Date: 2007-07-17

iDEFENSE Security Advisory 2007-07-16.2
Posted Jul 17, 2007
Authored by iDefense Labs, David Maciejak | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of an authorization bypass vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to log in to the management console and alter application settings. The OfficeScan installation includes a web management console that allows administrators to configure the application and the Antivirus clients it manages. The web interface login is handled by cgiChkMasterPwd.exe which is passed a hash and an encrypted version of the password generated by an ActiveX control on the login page. If cgiChkMasterPwd.exe is sent an empty encryption string and empty hash it proceeds to issue the client a valid session id which can then be used to access the web management console. iDefense has confirmed the existence of this vulnerability in OfficeScan for Windows 7.3 with all current patches applied. Previous versions may also be affected.

tags | advisory, remote, web, activex, bypass
systems | windows, 7
advisories | CVE-2007-3455
MD5 | 9feb23e6fea2157756924c3bbe576752
iDEFENSE Security Advisory 2007-07-16.1
Posted Jul 17, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of a stack-based buffer overflow vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to execute arbitrary code with the privileges of the IIS Web User. The OfficeScan installation includes a series of CGI executables that are used for configuration through the Web interface. A shared library, CGIOCommon.dll, is used by many of these binaries to access environment variables passed to them from the parent IIS process. If a malicious Web request is made for a vulnerable binary, including an overly long session cookie, a stack-based Unicode buffer overflow will occur. iDefense has confirmed this vulnerability in OfficeScan 7.3 with all current patches applied. Testing has shown that this attack can be conducted by requesting multiple CGI binaries that make use of the shared library. Other versions are suspected to be vulnerable.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | windows
advisories | CVE-2007-3454
MD5 | 690a05b37c2cbeba9b270c6c3cc72693
husrevforum-xss.txt
Posted Jul 17, 2007
Authored by GeFORC3

husrevforum version 1.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 50966e858c7ba6ff951aca721ea572ae
husrevforum-sql.txt
Posted Jul 17, 2007
Authored by GeFORC3

husrevforum version 1.0.1 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | a240ae69197c6c980eb994557aac8c04
aspziy-xss.txt
Posted Jul 17, 2007
Authored by GeFORC3

ASP Ziyareti Defteri version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss, asp
MD5 | bc197f832c78403927fd37f56dc4fa72
yim81-overflow.txt
Posted Jul 17, 2007
Authored by Rajesh Sethumadhavan | Site xdisclose.com

The Address Book functionality in Yahoo Messenger version 8.1 suffers from a buffer overflow.

tags | advisory, overflow
MD5 | a65c668dc3ddc48046b247da815a08c7
SQLPowerInjectorSourceCodev1.2.rar
Posted Jul 17, 2007
Authored by Francois Larouche | Site sqlinjector.com

SQL Power Injector is a graphical application created in C# .Net 1.1 that helps the penetration tester to inject SQL commands on a web page. Its main strength is its capacity to automate tedious blind SQL injection with several threads. Released under the Clarified Artistic License.

tags | tool, web, scanner, sql injection
systems | unix
MD5 | 58abb0581d20fdfdb496ddf0e66eb0ca
exlibris-xss.txt
Posted Jul 17, 2007
Authored by Matthew Cook | Site escarpment.net

Multiple versions of the ExLibris Aleph and Metalib products are vulnerable to simple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 0c219ccffc36d17ffe623b2a33f23ccc
HP Security Bulletin 2007-14.35
Posted Jul 17, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard for Linux. The vulnerability could be exploited to allow local unauthorized access or to increase privilege.

tags | advisory, local
systems | linux
MD5 | d92949bba66c79c4205e176e791036a1
webcit-multi.txt
Posted Jul 17, 2007
Authored by Christopher Schwardt

WebCit versions below 7.11 suffer from session riding and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e57b0c351ffeef0b0c3c40e9cee6ae6e
TISA2007-06-Public.txt
Posted Jul 17, 2007
Authored by Maldin d.o.o | Site teamintell.com

Element CMS suffers from a script insertion vulnerability.

tags | exploit
MD5 | 37bb8dbfd26a997990e91efc7e2733c2
opera-redirect.txt
Posted Jul 17, 2007
Authored by Robert Swiecki | Site alt.swiecki.net

Opera / Konqueror suffers from an arbitrary redirection vulnerability. It appears that Opera 9.21 and Konqueror 3.5.7 are susceptible.

tags | advisory, arbitrary
MD5 | df62c3606813ff0419901df0c1610fe1
ie-entrap.txt
Posted Jul 17, 2007
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

It appears that Microsoft Internet Explorer suffers from a browser entrapment vulnerability in document.open() calls.

tags | advisory
MD5 | a8e4a0a8e6bbda99cf4f77e69923c24c
Clam AntiVirus Toolkit 0.91.1
Posted Jul 17, 2007
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Fixed a memory leak amongst other things.
tags | virus
systems | unix
MD5 | 60152bf1e24b3fbdf0473794199e5215
07162007-flash_flv_9.0.45.0_exp.zip
Posted Jul 17, 2007
Authored by yunshu | Site ph4nt0m.org

Flash Player/Plugin video file parsing remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
MD5 | 00c683fd3f49ce3f6e2b42379c07ed80
trafficstats-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Traffic Stats suffers from a remote SQL injection vulnerability in referralUrl.php.

tags | exploit, remote, php, sql injection
MD5 | c6c0b15c2296f1f107a385058a0b08b8
pafiledb-sql.txt
Posted Jul 17, 2007
Authored by pUm, h4si

paFileDB version 3.6 suffers from a remote SQL injection vulnerability in search.php.

tags | exploit, remote, php, sql injection
MD5 | 91126ab470556aef1998f8a5021bc703
prozilla-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Prozilla suffers from a SQL injection vulnerability in directory.php.

tags | exploit, php, sql injection
MD5 | 37dbb3c8a38631e95ff2bd8254c24a15
realtor-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Realtor 747 suffers from a SQL injection vulnerability in index.php.

tags | exploit, php, sql injection
MD5 | bedd5da29694a914a214c0dc5cd3560c
azdg-rfi.txt
Posted Jul 17, 2007
Authored by ThE dE@Th

AzDG Dating Gold version 3.0.5 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 95081a1ed6646553dc74f0a0f7990392
Secunia Security Advisory 25718
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Parvez Anwar has discovered two vulnerabilities in InterActual Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 4234a11805a0f3cc4d0e4bdf2a75d11c
Secunia Security Advisory 25739
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in CinePlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 02acd1ff7cd199b141ed42267dd054d0
Secunia Security Advisory 25979
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Alex Hernandez has reported some vulnerabilities in Proventia GX5108 and GX5008, which potentially can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

tags | advisory, vulnerability, xss
MD5 | b339b564df0fd3dd2a7d1efa6fbc9573
Secunia Security Advisory 26005
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Daniel Weber has reported a vulnerability in eSoft InstaGate, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 2ca5455f165d7eeed10cfcbcc83b8faf
Secunia Security Advisory 26012
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libnet-dns-perl. This fixes two vulnerabilities, which can be exploited to poison the DNS cache or to cause a DoS (Denial of Service).

tags | advisory, denial of service, perl, vulnerability
systems | linux, ubuntu
MD5 | 233bde8a7a1ba29c157bc5452077d230

© 2020 Packet Storm. All rights reserved.
